Oracle Integrated Lights Out Manager (ILOM) 3.1
This section describes how to best configure the Oracle ILOM command-line interface (CLI) for maximum security. This section contains the following topics:
The Oracle ILOM command-line interface (CLI), which is accessed by connecting to Oracle ILOM over the Secure Shell (SSH) protocol or by using a serial connection, has a configurable session time-out. The session time-out determines how many minutes elapse before an inactive command-line session is automatically logged out. This feature reduces the risk of an unauthorized user finding an unattended computer with an authenticated session to Oracle ILOM.
By default, there is no CLI time-out configured. For maximum security, configure a CLI time-out in any environment where the Oracle ILOM CLI is used on a shared console. The CLI time-out is configured in minutes. Ideally, set the time-out to 15 minutes or less on an unattended session that remains connected to Oracle ILOM.
For information about setting the CLI session time-out, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
Oracle ILOM provides a Secure Shell (SSH) server capability, allowing remote clients to connect to Oracle ILOM securely to manage Oracle ILOM through the command-line interface. The SSH protocol uses server-side keys to encrypt the channel and secure all communication. SSH clients also use these keys to verify the authenticity of the SSH server.
Oracle ILOM generates server SSH keys on the first boot of a factory default system. This ensures that Oracle ILOM on each server has a unique set of keys. In addition, these keys can be regenerated manually using the Oracle ILOM web and command-line interfaces in the event that new keys are needed.
For information about regenerating SSH keys, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
The Oracle ILOM command-line interface provides the ability to use user SSH keys for authentication instead of a password. This mechanism uses a secure public/private key pair and provides a stronger alternative to standard user passwords. Use these user SSH keys when writing automated scripts that connect to the Oracle ILOM command-line interface over SSH, because this avoids embedding cleartext passwords in a script file.
For more information about using user SSH keys, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
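The following wrapper is an added example, not taken from the Oracle documentation, of the key-based scripting described above, written for the OpenSSH client. It refuses a private key that group or others can access, and it requires the ILOM server key to be pinned already so the client can verify the server. The host, user and file paths are assumptions, as is passing a CLI command on the ssh command line.

```shell
# Added example: non-interactive, key-only SSH to an Oracle ILOM CLI.
# All host names, user names and file paths are supplied by the caller
# (assumptions, not values from the Oracle documentation).

# Succeeds only if the private key exists and its group/other
# permission bits are all clear (for example mode 600 or 400).
key_is_private() {
    [ -f "$1" ] || return 1
    # In the "ls -ld" mode string, characters 5-10 are group and other.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# ilom_run HOST USER KEYFILE KNOWN_HOSTS [ILOM CLI command...]
# Fails closed: returns 2 for an exposed key, 3 when no server key is
# pinned, otherwise the exit status of ssh.
ilom_run() {
    host=$1 user=$2 key=$3 known=$4
    shift 4

    key_is_private "$key" || {
        echo "refusing key with group/other access: $key" >&2
        return 2
    }
    # An empty or missing known_hosts file means the ILOM server key
    # cannot be verified. Pin it out of band first, and pin it again
    # after the ILOM server keys are regenerated.
    [ -s "$known" ] || {
        echo "no pinned ILOM host key in: $known" >&2
        return 3
    }

    # BatchMode and PasswordAuthentication=no: never prompt, never fall
    # back to a password. StrictHostKeyChecking=yes: reject a server
    # whose key is not the pinned one.
    ssh -i "$key" \
        -o BatchMode=yes \
        -o IdentitiesOnly=yes \
        -o PasswordAuthentication=no \
        -o StrictHostKeyChecking=yes \
        -o "UserKnownHostsFile=$known" \
        "$user@$host" "$@"
}
```

With `StrictHostKeyChecking=yes`, a connection to an ILOM whose server keys have been regenerated fails until the new key is pinned, which is the intended behaviour for an unattended script.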